Chapter 8. Running SOAP to REST bridge quickstart for Spring Boot 2 on Fuse on OpenShift
This quickstart demonstrates how to use Camel’s REST DSL to expose a backend SOAP API. A simple camel route can bridge REST invocation to legacy SOAP service. Security is involved for both REST endpoint and SOAP endpoint, both backed by RH SSO. Frontend REST API protected via OAuth and OpenID Connect, and the client will fetch JWT access token from RH SSO using Resource Owner Password Credentials OAuth2 mode and using this token to access the REST endpoint.
Prerequsites
- You have installed and configured OCP 3.11 or later version.
- You have installed RH SSO 7.4 or later version.
- You have installed 3Scale 2.8 or later version.
-
You have configured authentication to
registry.redhat.io
. For more information see Configuring Red Hat Container Registry authentication.
Procedure
Following section explains how to run and deploy SOAP to REST bridge quickstart on Fuse on OpenShift.
- Start OpenShift server. Since we need to install RH SSO image (2 pods) and 3Scale image (15 pods) as prerequisites for this quickstart, we need to start the OpenShift server on a powerful machine, with options --memory 8GB --cpus 4. We also need to issue a security token with the expiration time, hence we need to add the timezone option as well. Ensure the Openshift cluster uses the same time zone as your local machine (by default it will use UTC timezone).
Add
cluster-admin
role to the userdeveloper
.$ oc login -u system:admin $ oc adm policy add-cluster-role-to-user cluster-admin developer $ oc login -u developer $ oc project openshift
This quickstart is deployed in the
openshift
namespace (this is the requirement of default configurations of the templates involved), as well as the RH SSO image, so we need to add thecluster-admin
role to userdeveloper
.Create a secret and link it to the
serviceaccounts
.$ oc create secret docker-registry camel-bridge --docker-server=registry.redhat.io \ --docker-username=USERNAME \ --docker-password=PASSWORD \ --docker-email=EMAIL_ADDRESS $ oc secrets link default camel-bridge --for=pull $ oc secrets link builder camel-bridge
Add the RH SSO image stream and install RH SSO with template
sso74-x509-postgresql-persistent
.$ for resource in sso74-image-stream.json \ sso74-https.json \ sso74-postgresql.json \ sso74-postgresql-persistent.json \ sso74-x509-https.json \ sso74-x509-postgresql-persistent.json do oc create -f \ https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/sso74-dev/templates/${resource} done $ oc policy add-role-to-user view system:serviceaccount:$(oc project -q):default $ oc new-app --template=sso74-x509-postgresql-persistent
Verify that the RH SSO images are available from
openshift
namespace, and then install RH SSO with templatesso74-x509-postgresql-persistent
. This template can save the RH SSO configuration permenantly, so the configuration is retained after the Openshift server restart.Once the RH SSO image is installed successfully on the server, you can see the output on the console as follows.
A new persistent RH-SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is tprYtXP1/nEjf7fojv11FmhJ5eaqadoh0SI2gvlls. The username/password for accessing the PostgreSQL database "root" is userqxe/XNYRjL74CrJEWW7HiSYEdH5FMKVSDytx. The HTTPS keystore used for serving secure content, the JGroups keystore used for securing JGroups communications, and server truststore used for securing RH-SSO requests were automatically created via OpenShift's service serving x509 certificate secrets. * With parameters: * Application Name=sso * Custom RH-SSO Server Hostname= * JGroups Cluster Password=1whGRnsAWu162u0e4P6jNpLn5ysJLWjg # generated * Database JNDI Name=java:jboss/datasources/KeycloakDS * Database Name=root * Datasource Minimum Pool Size= * Datasource Maximum Pool Size= * Datasource Transaction Isolation= * PostgreSQL Maximum number of connections= * PostgreSQL Shared Buffers= * Database Username=userqxe # generated * Database Password=XNYRjL74CrJEWW7HiSYEdH5FMKVSDytx # generated * Database Volume Capacity=1Gi * ImageStream Namespace=openshift * RH-SSO Administrator Username=tprYtXP1 # generated * RH-SSO Administrator Password=nEjf7fojv11FmhJ5eaqadoh0SI2gvlls # generated * RH-SSO Realm= * RH-SSO Service Username= * RH-SSO Service Password= * PostgreSQL Image Stream Tag=10 * Container Memory Limit=1Gi
Note down the Username/Password which is used to access the RH SSO admin console. For example,
* RH-SSO Administrator Username=tprYtXP1 # generated * RH-SSO Administrator Password=nEjf7fojv11FmhJ5eaqadoh0SI2gvlls # generated
Install 3scale template in the 3scale project.
$ oc new-project 3scale $ oc create secret docker-registry threescale-registry-auth --docker-server=registry.redhat.io --docker-server=registry.redhat.io \ --docker-username=USERNAME \ --docker-password=PASSWORD \ --docker-email=EMAIL_ADDRESS $ oc secrets link default threescale-registry-auth --for=pull $ oc secrets link builder threescale-registry-auth $ oc new-app --param WILDCARD_DOMAIN="OPENSHIFT_IP_ADDR.nip.io" -f https://raw.githubusercontent.com/3scale/3scale-amp-openshift-templates/2.8.0.GA/amp/amp-eval-tech-preview.yml
3scale installation on openshift will start 15 pods, so it is necessary to create a new specific project for 3scale. You also need a new
threescale-registry-auth
(use this name to create the secret as it is written in 3scale templates) secret for 3scale. You can reuse the USERNAME/PASSWORD from camel-bridge secret. We intentionally useamp-eval-tech-preview.yml
template here because it doesn’t explicitly specify hardware resources so can be easily run on a local machine/laptop.After the 3scale template is installed successfully on the Openshift, you can see the output on the console as follows.
3scale API Management --------- 3scale API Management main system (Evaluation) Login on https://3scale-admin.192.168.64.33.nip.io as admin/b6t784nt * With parameters: * AMP_RELEASE=2.8 * APP_LABEL=3scale-api-management * TENANT_NAME=3scale * RWX_STORAGE_CLASS=null * AMP_BACKEND_IMAGE=registry.redhat.io/3scale-amp2/backend-rhel7:3scale2.8 * AMP_ZYNC_IMAGE=registry.redhat.io/3scale-amp2/zync-rhel7:3scale2.8 * AMP_APICAST_IMAGE=registry.redhat.io/3scale-amp2/apicast-gateway-rhel8:3scale2.8 * AMP_SYSTEM_IMAGE=registry.redhat.io/3scale-amp2/system-rhel7:3scale2.8 * ZYNC_DATABASE_IMAGE=registry.redhat.io/rhscl/postgresql-10-rhel7 * MEMCACHED_IMAGE=registry.redhat.io/3scale-amp2/memcached-rhel7:3scale2.8 * IMAGESTREAM_TAG_IMPORT_INSECURE=false * SYSTEM_DATABASE_IMAGE=registry.redhat.io/rhscl/mysql-57-rhel7:5.7 * REDIS_IMAGE=registry.redhat.io/rhscl/redis-32-rhel7:3.2 * System MySQL User=mysql * System MySQL Password=mrscfh4h # generated * System MySQL Database Name=system * System MySQL Root password.=xbi0ch3i # generated * WILDCARD_DOMAIN=192.168.64.33.nip.io * SYSTEM_BACKEND_USERNAME=3scale_api_user * SYSTEM_BACKEND_PASSWORD=kraji167 # generated * SYSTEM_BACKEND_SHARED_SECRET=8af5m6gb # generated * SYSTEM_APP_SECRET_KEY_BASE=726e63427173e58cbb68a63bdc60c7315565d6acd037caedeeb0050ecc0e6e41c3c7ec4aba01c17d8d8b7b7e3a28d6166d351a6238608bb84aa5d5b2dc02ae60 # generated * ADMIN_PASSWORD=b6t784nt # generated * ADMIN_USERNAME=admin * ADMIN_EMAIL= * ADMIN_ACCESS_TOKEN=k055jof4itblvwwn # generated * MASTER_NAME=master * MASTER_USER=master * MASTER_PASSWORD=buikudum # generated * MASTER_ACCESS_TOKEN=xa7wkt16 # generated * RECAPTCHA_PUBLIC_KEY= * RECAPTCHA_PRIVATE_KEY= * SYSTEM_REDIS_URL=redis://system-redis:6379/1 * SYSTEM_MESSAGE_BUS_REDIS_URL= * SYSTEM_REDIS_NAMESPACE= * SYSTEM_MESSAGE_BUS_REDIS_NAMESPACE= * Zync Database PostgreSQL Connection Password=efyJdRccBbYcWtWl # generated * ZYNC_SECRET_KEY_BASE=dcmNGWtrjCReuJlQ # generated * ZYNC_AUTHENTICATION_TOKEN=3FKMAije3V3RWQQ8 # generated * APICAST_ACCESS_TOKEN=2ql8txu4 # generated * APICAST_MANAGEMENT_API=status * APICAST_OPENSSL_VERIFY=false * APICAST_RESPONSE_CODES=true * APICAST_REGISTRY_URL=http://apicast-staging:8090/policies
Note down the Username/Password which can access the 3scale admin console.
* ADMIN_PASSWORD=b6t784nt # generated * ADMIN_USERNAME=admin
Configure RH SSO.
-
Login to RH SSO Admin Console from
https://sso-openshift.OPENSHIFT_IP_ADDR.nip.io/auth
with username/password displayed on console after the RH SSO installation. - Click the Add Realm button on the upper left corner of the page.
- On the Add Realm page, select Import Select file button.
-
Select
./src/main/resources/keycloak-config/realm-export-new.json
from the directory which will import pre-defined necessaryrealm/client/user/role
for this example.
-
Login to RH SSO Admin Console from
Configure 3Scale API Gateway.
-
Login to 3Scale Admin Console from
https://3scale-admin.OPENSHIFT_IP_ADDR.nip.io/p/admin/dashboard
with username/password displayed on console after the 3Scale installation. -
When creating a new product, select Define manually and use
camel-security-bridge
for both Name and System name. -
When creating a new backend, use
camel-security-bridge
for both Name and System name and the Private Base URL should behttp://spring-boot-camel-soap-rest-bridge-openshift.OPENSHIFT_IP_ADDR.nip.io/
. - Add the newly created backend to the newly created product.
-
Add the Mapping Rule
Verb:POST Pattern:/
. -
When creating application plans, use
camel-security-bridge
for both Name and System name. When creating applications, choose the new created
camel-security-bridge
application plan. After creating the application, note down the API Credentials. Use these credentials to access the 3scale gateway. For eample,User Key bdfb53fe9b426fbf21428fd116035798
-
Edit the newly created
camel-security-bridge
project and publish it fromcamel-security-bridge
in the Dashboard. - Go to Integration > Settings. Select As HTTP Headers as the Credentials location.
-
From the
camel-security-bridge
in the Dashboard, go to Integration > Configuration and promote both the Staging APIcast and Production APIcast.
-
Login to 3Scale Admin Console from
Navigate to the directory that contains the extracted quickstart application (for example, my_openshift/spring-boot-camel-soap-rest-bridge).
$ cd my_openshift/spring-boot-camel-soap-rest-bridge
Build and deploy the project to the OpenShift cluster.
$ mvn clean oc:deploy -Popenshift -DJAVA_OPTIONS="-Dsso.server=https://sso-openshift.OPENSHIFT_IP_ADDR.nip.io -Dweather.service.host=${your local ip}"
We need to pass in two properties to
camel-soap-rest-bridge
image on openshift. One is the RH SSO server address on openshift, and this is https://sso-openshift.OPENSHIFT_IP_ADDR.nip.io. Another one is the backend soap server. In this quickstart, we run the backend soap server on the local machine, so pass the local ip address of your machine as -Dweather.service.host. (This must be an ip address other than localhost or 127.0.0.1).-
In your browser, navigate to the
openshift
project in the OpenShift console. Wait until you can see that the pod for thespring-boot-camel-soap-rest-bridge
has started up. -
On the project’s Overview page, navigate to the details page deployment of the
spring-boot-camel-soap-rest-bridge
application: https://OPENSHIFT_IP_ADDR:8443/console/project/openshift/browse/pods/spring-boot-camel-soap-rest-bridge-NUMBER_OF_DEPLOYMENT?tab=details. - Switch to Logs tab to view the log from Camel.
- Access OpenApi API.
This example provides API documentation of the service using openapi using the context-path camelcxf/openapi. You can access the API documentation from your Web browser at http://spring-boot-camel-soap-rest-bridge-openshift.OPENSHIFT_IP_ADDR.nip.io/camelcxf/openapi/openapi.jsonn.